Keith Howanitz wrote:> lib/util_sid.c:string_to_sid(285) string_to_sid: Sid S-0-0 is not in a
valid format. : 31 Time(s)
... > MTS Trusted Impersonators
> http://ask.support.microsoft.com/kb/181775/
>
> Basically, the group is invalid because the name is over the
> max length (which is 20 characters long).
... oh man, does this mean I'm going to have to go through all the groups in
Windows 2003 Server Active Directory, and count the letters? I count seven in
the 'Builtin' OU alone, and three more that were created by MS Exchange
( "MTS Trusted Impersonators" is there too). Renaming these groups
sounds like a recepie for disaster.
This isn't just a cosmetic issue; these errors show up about the same time
as pam errors saying 'user_blah is not in group linux_admins', when
'id user_name' shows that the user *is* in that group. Like the S-0-0
errors mentioned before, restarting winbindd makes the problem go away
temporarily.